Process Environment Information Leak
Weakness ID: 214 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

A process is invoked with sensitive arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Extended Description

Many operating systems allow a user to list information about processes that are owned by other users. This information could include command line arguments or environment variable settings. When this data contains sensitive information such as credentials, it might allow other users to launch an attack against the software or related resources.

+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms

Languages

All

+ Demonstrative Examples

Example 1

In the Java example below, the password for a keystore file is read from a system property. If the property is defined on the command line when the program is invoked (using the -D... syntax), the password may be displayed in the OS process list.

(Bad Code)
Example Language: Java 
String keystorePass = System.getProperty("javax.net.ssl.keyStorePassword");
if (keystorePass == null) {
System.err.println("ERROR: Keystore password not specified.");
System.exit(-1);
}

...
+ Observed Examples
ReferenceDescription
CVE-2005-1387password passed on command line
CVE-2005-2291password passed on command line
CVE-2001-1565username/password on command line allows local users to view via "ps" or other process listing programs
CVE-2004-1948Username/password on command line allows local users to view via "ps" or other process listing programs.
CVE-1999-1270PGP passphrase provided as command line argument.
CVE-2004-1058Kernel race condition allows reading of environment variables of a process that is still spawning.
+ Potential Mitigations

Compartmentalize your system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class200Information Exposure
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory634Weaknesses that Affect System Processes
Resource-specific Weaknesses (primary)631
+ Research Gaps

Under-studied, especially environment variables.

+ Affected Resources
  • System Process
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERProcess information infoleak to other processes
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Sean EidemillerCigitalExternal
added/updated demonstrative examples
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
2008-10-14CWE Content TeamMITREInternal
updated Description, Other Notes
2009-10-29CWE Content TeamMITREInternal
updated Other Notes
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Process Information Leak to Other Processes